The Windows C Runtime Library is a shared library containing instructions for the standard C library functions. It is used by almost all Windows programs compiled from C or C++ source code.

There exists a format string vulnerability in the Windows C Runtime Library that may be exploitable through programs that use the affected functions.

It has been confirmed that this vulnerability is exploitable through SQL Server, however the only possible consequence of a successful attack is a denial of service (code execution is reportedly not possible).